(I suspect you meant “safe” in a different sense, but I couldn't resist.)
Definitely not. 'Safe' means too many things in different contexts to make sweeping statements like that.
Here's one i came across recently. You are interacting with a stock exchange. You have sent an order to buy 100 shares of Twitter stock at some price, and it is now resting on the order book, waiting for orders to sell at that price. You see that the character limit on tweets is being increased, and decide that you don't want to buy 100 shares, but only 90, so you send a message to modify your order. At the same time, two other people, who have also seen the news, decide to dump their holdings of 90 shares each by sending sell orders at the price you are bidding. Their messages arrive just before and after yours. What happens?
If the message to reduce your order is a nasty non-idempotent one which says "reduce my order by 10", then:
1. First seller's order to sell 90 matches your order to buy 100; you buy 90, and your order is reduced to one to buy 10
2. Your modify message reduces your order of 10 to 0
3. Second seller's order to sell 90 arrives, but has nothing to match with
You have successfully bought 90 shares, well done.
If the message to reduce your order is a nice safe idempotent one which says "change my order to 90", then:
1. First seller's order to sell 90 matches your order to buy 100; you buy 90, and your order is reduced to one to buy 10
2. Your modify message increases your order of 10 to 90
3. Second seller's order to sell 90 matches your order to buy 90; you buy 90, and your order is reduced to 0
You have bought 180 shares. Oh dear.
This is not hypothetical. More than one new exchange has launched with a protocol where orders are modified to a target amount, rather than by a target delta, and changed it some time later, after their users got themselves in a pickle.
You can do a bit better by making the modify message a compare-and-set, so it only changes the quantity to 90 if it is currently 100. In that situation, the modify will fail, and the second order will sell you 10 shares. That's still not as good as the non-idempotent message.
> (I suspect you meant “safe” in a different sense, but I couldn't resist.)
The moral of this story is that computer scientists should not be allowed to use the word "safe"!
> Definitely not. 'Safe' means too many things in different contexts to make sweeping statements like that.
The intended reference (which I hoped would be recognized generally in this audience) was to he definition of “safe” and “idempotent” in HTTP (see section 4.2 of RFC 7231.)
(In your example, neither operation is “safe” in the HTTP sense; all state-modifying operations are unsafe.)
It would take different data structures and a different API to translate the user's intent correctly, and then the idempotence of the operation may be important. For example, if the order had a "total" and "current balance", you could be sending a message to set the total to 90(which would internally reduce the current balance), and since that message is idempotent, it's safe to send it multiple times.
Only if you can be sure the non-idempotent message arrived. It's not safe to re-send the delta message.
