I don't know about the overall breakdown but in my case longer runs are prototyping, bug hunting, reverse engineering, etc. For example Gnome Remote Desktop didn't work in my configuration due to a combination of hardware and codec bugs and settings. One drive to make it work, another to backport the current upstream packages to Debian stable, restack the patches, and push to my machines. Another sequence of long runs was writing a new client for a closed-source conferencing service I use to allow fixing some particularly irritating bugs. Exploit development has the same shape although that's not something I do personally. From what I've seen the amount of useful hands-off run time is directly related to how clearly it's possible to specify a concrete, verifiable standard by which to judge the outcome. For some tasks that might be days or weeks, for forward engineering on a software product that for me is usually under an hour.