by jrochkind1 363 days ago
Hm, I misunderstood, I thought the checkpoint system was also concurrency control to make sure nobody else had changed it from underneath you between read and write, since you had to read and write the whole (mega) document even though you only wanted to change a part (sub-document).

Doesn't the KV provide idempotency on its own -- so long as you're checking that no changes have happened between read and write, why wouldn't doing the same write twice produce an idempotent result? A change happening between read and write seems the only reason that would be a problem.

But clearly it's complicated and we don't have the whole picture as to business needs. Definitely sounds awful.


> why wouldn't doing the same write twice produce an idempotent result

you can imagine this:

```
var thing = KVStore.Get<MyThing>(...);

if (thing.Checkpoints.Contains(myUuid) == false) {
  thing.Counter += 1;
}

KVStore.Update(thing);
```

having an etag doesn't help you with retries, where we expect that `thing` could be mutated by another flow between your retries.

If the thing was mutated between your retries, then wasn't the etag changed by that mutation? So if you know the etag you started with, your conditional update on etag fails due to changed etag. So you fetch it again and start over. Which is the general optimistic locking algorithm.

i may be missing something though?

let's say you have an object like this when you started: {count: 10, etag: 1}. then for some reason, something failed.

when you retry and load the object, you get {count: 12, etag: 3}. how do you know if your previous attempt had successfully persisted or not, or if the updates to the object came from other processes/requests?

you're mixing up conflict handling vs. idempotency

Ah, the system is not capable of giving you a confirmation that your update succeeded, you don't really have a way to know without external "checkpoint" system?

Anyway, okay, I get that I don't get it, and I get that it does sound terrible, agreed!

Look up the Two Generals' Problem on YouTube. Unless the entire end to end operation is wrapped inside a giant transaction, no system in the world can give you the confirmation.

Imagine this: you issued a write, a few things can happen:

1. The callsite crashed, maybe due to an out of memory issue or whatever. You don't know if it succeeded.

2. The database returned an acknowledgement, but then the callsite crashed before storing the acknowledgement for the next step.

You are under no obligation to continue this conversation of course.

> Unless the entire end to end operation is wrapped inside a giant transaction, no system in the world can give you the confirmation.

But how do people use, say, redis, without an external "checkpoint" system, how do you do, say, an INCR operation, and know if it succeeded or not?

Or are most uses of redis actually dangerous and subject to these error conditions, perhaps it's tolerable to risk that error for most redis use cases, but wasn't for the system under discussion? Most developers using redis definitely aren't using external "checkpointing" systems, or considering if they should be or not -- should they be?

But of course you've convinced me that the system under discussion would have been better off using an rdbms, something I never doubted.
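
The lost-acknowledgement retry discussed in this thread, as an added Python example that is not code from any commenter or from the system under discussion. `KVStore`, `LostAck`, `increment` and `run` are constructed for illustration: the store persists a write but drops the acknowledgement once, and the caller retries with and without a checkpoint list stored in the document.

```python
import uuid

class Conflict(Exception): pass   # etag changed between read and write
class LostAck(Exception): pass    # write persisted, acknowledgement never arrived

class KVStore:
    """Constructed in-memory stand-in for a KV store with etag-conditional writes."""
    def __init__(self):
        self.doc = {"count": 10, "checkpoints": []}
        self.etag = 1
        self.drop_next_ack = False

    def get(self):
        copy = {"count": self.doc["count"], "checkpoints": list(self.doc["checkpoints"])}
        return copy, self.etag

    def update(self, doc, etag):
        if etag != self.etag:
            raise Conflict()
        self.doc, self.etag = doc, self.etag + 1
        if self.drop_next_ack:
            self.drop_next_ack = False
            raise LostAck()  # the write is durable, the caller never hears about it

def increment(store, op_id, use_checkpoint):
    """Retry until a write is acknowledged; op_id is this operation's idempotency key."""
    while True:
        doc, etag = store.get()
        if use_checkpoint and op_id in doc["checkpoints"]:
            return  # an earlier attempt already landed, do not apply it again
        doc["count"] += 1
        doc["checkpoints"].append(op_id)
        try:
            store.update(doc, etag)
            return
        except (Conflict, LostAck):
            continue  # to the caller both mean "unknown outcome": re-read and retry

def run(use_checkpoint):
    store = KVStore()
    store.drop_next_ack = True  # first write succeeds but its ack is lost
    increment(store, str(uuid.uuid4()), use_checkpoint)
    return store.doc["count"]

if __name__ == "__main__":
    print("etag only:        ", run(False))  # increment applied twice
    print("etag + checkpoint:", run(True))   # increment applied once
```
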