
“Artery chokes after 70 copies of Visual Studio” - distilled
https://connect.microsoft.com/VisualStudio/feedback/details/812643/artery-chokes-after-70-copies-of-visual-studio
======
kohanz
Not that this is a major bug, but it makes me wonder why a bug report of this
detailed nature (basically doing the debugging for Microsoft engineers)
shouldn't be eligible for a bounty, just as exposed security flaws are.

For this bug, it would be a very small or non-existent bounty since this use
case affects almost no one, but what if someone found a major bug that was not
a security issue, and worked out the cause and fix, as was done in this case?
Is that so much less valuable than a security issue?

~~~
evan_
Bounties exist for security bugs to make it more profitable to report the bug
than it is to exploit it, or to sell knowledge of it to those who would. A buy
about opening 70 copies of Visual Studio is unlikely to be very profitable to
exploit.

~~~
droopybuns
Repectfully, you are incorrect that bounties exist to make it more profitable
to disclose than to sell.

Corporate bug bounties will never be able to compete with the budgets of
nation states.

They are basically a way of paying respect for a moral approach to a discovery
that takes great skill.

~~~
evan_
You're right. I shouldn't have said "more profitable"\- obviously you're going
to get more money immediately by exploiting a bug that gives you direct access
to everyone's bank account. What I should have said was "more attractive".

If I have to choose between 5 year's wages with a 90% chance of going to jail
for a very long time vs. a month's wages as a bounty and a 0% chance of going
to jail, I'm going to pick the bounty every time. I think a lot of people
would agree with me.

As discussed further down in this thread, raising the value of the payout or
lowering the possibility of being caught makes the other side more attractive.

(of course, _I_ would choose to disclose every time, because I'm just a good
person.)

~~~
tzakrajs
Bad guys must not agree with your assessment of 90% chance of going to jail.

~~~
mseebach
The risk of getting caught isn't constant, it's highly dependant on the
circumstances and the perpetrator.

Also, besides the crime itself, spending a large sum of ill gotten money
without getting caught is a lot easier if you already move in an environment
geared for that - few things you can do in a middle class lifestyle that won't
arouse suspicion.

------
Locke1689
That explains it: this is a Schabse bug. He reports bugs like: when you have 4
levels of nested generics with an overriden indexed property going through
ComImport, the modopts are incorrectly copied into the method signature,
causing a runtime crash in the CLR.

It's like having another tester on the C# team :)

~~~
dev360
Or like having an aspbergers stalker?

------
mnichloo
What I want to know is this, what hellish workflow led to the discovery of
this bug?

~~~
larsberg
My guess would be that it's an automated build / deploy system that required
some addon installed to run, so they had to run `devenv /build` instead of
using msbuild. Then they saw this behavior on one of their build machines when
something wasn't installed correctly and the process just terminated, after 71
retries...

Source: I was on the visual studio environment team a decade ago, and Rube
Goldberg himself could not design a build process that would surprise me, at
this point.

~~~
raverbashing
One of my personal corollaries: all build systems suck

Some suck more, some less

And most of the time it's overcomplicated.

~~~
achamayou
No one ever wants to build, all a developer really wants is a type checker.

------
stackcollision
Is there a repository somewhere of really great bug reports like this?
Something along the lines of "commits from last night".

~~~
mburst
Not quite the same but there is
[http://www.commitlogsfromlastnight.com/](http://www.commitlogsfromlastnight.com/)

~~~
thejosh
Hilarious, does this search for common swearwords?

~~~
versk
Seems likely to be shit, fuck or stupid

------
Serow225
Now that's how bug reports should be written!

~~~
raxen
Agreed but I was confused by the MS response of "Thank you for submitting
feedback on Visual Studio and .NET Framework." It seems like the bug is in VS
and not .NET. Are they that interweaved these days?

~~~
Zenst
in 1998 I was working with VS and had a bug with OCX and was told that the bug
was due to VS not working with the current IE version as well in places and
was fixed in the new release of VS due out.

So I'd say very interweaved if history has its design legacy mantra.

~~~
asveikau
IIRC Internet Explorer used to overwrite the shell DLLs which contain a lot of
random helpers and stuff that is not strictly shell related but tempting to
make your application depend on. I remember this being a frequent source of
"app not working, probably works on the developer's machine" type issues,
especially in the time period where this was changing a lot.

------
dodders
From the workarounds tab: "Do not open more than 70 copies of Visual
Studio..."

~~~
rob-alarcon
haha, yeah, it's really funny: "Do not open more than 70 copies of Visual
Studio and do not, in any case, choke the artery! What's wrong with you?
Choking the artery! Have nothing better to do?"

~~~
luke-stanley
They might be wanting to run automated tests to find some other problem, and
find after 70 tests, they get an error. So it's sensible to want to fix it.

------
merrua
Would the GetLinesFromFile() memory leak cause performance issues on anything
outside of this example? Its hard to think of a broader usecase. Though I
would suppose its annoying that it eats memory on an older machine. But since
it will only be updated for VS 2013 that wont matter until the newer machines
get old. Slight affect if doing long running performance testing?

------
dferlemann
Instead, I had to hunt down the person who wrote bugs with only titles and
severity level critical....

~~~
Cthulhu_
"unable to reproduce / not enough information" -> close.

If users want you to fix a bug, they should assume you're an idiot and can't
extrapolate what their problems is from the title alone.

~~~
jerf
"It depends". If I'm getting this out of a user support case, I can't really
do that. The support person in question might get an earful... actually, tense
correction, support people _have gotten_ earfuls from me on the virtues of
filing the moral equivalent of "it doesn't work"... but for the customer's
sake I can't just smash the bug report closed and smile smugly.

------
yread
Why is this interesting?

~~~
QuadDamaged
I run multiple instances of vs.net and don't reboot every week, In my case,
I'm cycling through at least 10 instances a day. This bug report is actually
interesting (to me).

~~~
yread
Yes, but do you shut them down ungracefully?

Do you expect to read interesting bug reports on HN?

~~~
QuadDamaged
I've killed so many devenv.exe in my career that there must be some kind of
warrant on my name in Redmond.

I agree that vs.net is not really pertinent to the core 'hacker' audience
here, but this bug report is actually relevant to me, and I didn't get it from
my MS-oriented feeds.

I should read HN's FAQ, but aren't articles making it to the front page by
being upvoted from new?

~~~
maccard
Ditto. And I've ony used VS for about 2 years now

------
jheriko
hehe.... i wonder if they will fix it or simply accuse you of being an idiot
several times over before reading the bug report and realising its genuine. :P

what i find much more interesting than this kind of bug though is that there
are several possible ways to expose vs bugs with one step after making a new
project in the current version...

~~~
ygra
The issue has already been closed as Fixed.

~~~
bananas
Based on my experience with connect that doesn't mean it was fixed in the
product version you reported it against or any future version.

~~~
merrua
They mention future version of 2013. So its gone to their bug reports
database, to be prioritized rather than is fixed.

~~~
ygra
From the description of the resolution reasons, that'd be "Deferred".

~~~
merrua
I'd imagine deferred, is less "pre-grooming" as "nice-to-have-some-time". But
I dont work for MS.

