Hello again… I get this on digest mode (and wasn’t even sure my initial message went through to the list), so please forgive the delay in responding.
I think the various reactions to my post suggest that a sizable number of users (and by "users" I mean those who are not affiliated with Apache and who are not core contributors) find Solr difficult to use. For me, this was confirmed many months ago when a family friend—a non-technical CEO twice my age of a company recently acquired for a very sizable sum—came over for dinner and without any prompting from anyone began complaining about this impossible program at work called Solr that none of his engineers could get to work. By his telling, he had several experienced engineers working on it. I’m aware that issues with Java are not Solr’s fault. But most programs still manage to gracefully fail when they are missing a dependency, and then clearly report what’s missing. If you’re not actually a Java programmer, which I am not, "major.minor 52.0" (for example) is meaningless gibberish. "Please download and install JRE 1.8 to run this software" would be considerably clearer. How is it that Solr can search through millions of files, but it can’t do that? As for the suggestions that I should (1) read the documentation; (2) file reports on JIRA; and (3) hire a consultant if my own skills aren’t up to snuff: 1. I did. The documentation is severely lacking, apparently having been written by project contributors who have vastly different goals than their users. Example #1: the security issue (I still can’t figure out how to password-protect the Solr web UI, a convenience perhaps, but a convenience I depend upon because I cannot spend all day handling the combination of the command line and Java, neither can most people, and I still can’t figure out how to install or use "Zookeeper") is documented here: https://cwiki.apache.org/confluence/display/solr/Securing+Solr Note the red section at the bottom (which originally wasn’t even there): "No Solr API, including the Admin UI, is designed to be exposed to non-trusted parties. Tune your firewall so that only trusted computers and people are allowed access." If one of my employees tried to pull this I would fire them. Admin UIs in every other product I’ve ever seen are password-protected. Always. Netscape Enterprise Server in 1996 had a password for its admin UI. (See https://docs.oracle.com/cd/E19957-01/816-5654-10/816-5654-10.pdf, page 62.) Cobalt RaQs in 1999 had passwords on their Admin UIs. Home routers have had passwords since time immemorial. It’s 2016. Solr is on major release version 6. Don’t tell me how to configure my firewall, and certainly don’t tell me that firewalls can programmatically block access to "people". (My understanding of firewalls is that they block access to IP addresses and/or ports—if there was a product that could magically always block certain people, who would bother with firewalls?) Even if I configure my firewall to restrict [IP]:8983 to one IP, many people may use that IP, especially at a large organization with enough data to merit a product like Solr! Fix your dangerously insecure product, give it an install script that handles the SSL cert generation, and if I for some reason need to do something to turn that fix on, please tell me how. Note also, going back to Zookeeper, that on https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin, the documentation states, "Run the following command to upload it to Zookeeper. (ensure that the Zookeeper port is correct)". First, what is it talking about? I’ve never heard of Zookeeper outside of an actual zoo. Second, it runs on a port? Third, which port? Is it 9983, as is only cryptically alluded to below? What if it’s not running yet? How do I start it? Is it secure? Is it part of Java? Is it part of Solr? Is it even installed? Why is this my problem? Can you imagine if any other piece of software involving a password worked this way? (Yes, I have read the Apache Zookeeper Wikipedia article. My point about flaws in the documentation stands. It is confusing to new users—those who need it most.) Example #2: the potential bug involving the fieldType error message. I searched for documentation on the fieldType. Something about the Solr API (https://lucene.apache.org/solr/6_2_0/solr-core/org/apache/solr/schema/FieldType.html) came up which was not relevant or helpful. It’s easy to say RTFM, but what if the product is full of bugs? Those tend not to be in manuals. After doing this dance enough times I’ve learned that the Solr documentation is most often out-of-date or unhelpful. So here I am. 2. I have filed several reports on JIRA. Here’s the kind of response I have received in the past: https://issues.apache.org/jira/browse/SOLR-7896?focusedCommentId=14661324&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14661324 "Please bring this kind of thing up on the user's list rather than raise JIRAs to be sure you're not simply misunderstanding things. If it's a real problem in Solr, then raise a JIRA." So here I am! I’m on the user’s list! And I’m being given the runaround. The developers often don’t think user feedback about critical features amounts to a "real problem", but the mailing list is the wrong place to complain because it’s not structured enough. This is potentially why (in my view) Solr never really improves. 3. This is a potential solution, but not one I choose to pursue. For one thing, I am not an idiot. I’ve managed Linux systems for about 18 years now and I’ve been programming for 20. I have learned that I am rarely the best at anything, so sure, I fully admit that there will always be others with much better skills than my own. But I’m an intelligent person with experience in software trying to leave constructive feedback, and being told that my feedback essentially reflects on my own stupidity kind of misses the point. I’m providing feedback because things need fixing. As for Bram Van Dam’s question about how a settings database would work, I don’t think it’s worth getting too specific here, but my general response would be, if you need a good model for how to widely deploy software—not a perfect model, but a good one—look at WordPress. A lot of people use WordPress. Like any software, it has its flaws. But average people are able to sign in, with a password (!), change their admin settings, and save those settings I’m pretty certain to a MySQL schema. I’d love to be able to do that with Solr. Lastly, I run a non-profit foundation devoted to transparency, and I think Solr could do a lot to help further my foundation's goals. That’s why I’m using it at all. It’s the kind of project I’d be willing to fund (since I don’t think I can write the code myself in this instance)—except that very few people working on Solr ever take my concerns seriously (even though users seem to). If funding is the reason (or even a reason) that Solr isn’t in a better state, the way users are treated might be part of the problem. Aaron PlainSite | http://www.plainsite.org
