I would say against both genders.

Mothers carry their child for ~9 months, they give birth to that child. The bond between a mother and her freshly born child is bigger than that of the father.

Of course fathers are very important too, and yes fathers should spend more Time with their children in general.

But it's Just crazy to ask mothers to get back to work as soon as possible. Many mothers want to Work part Time, because they want to spend more time with their children. The issue is, that care work is not paid or valued nearly the same as work for money.

Also if you're feeding your young child like you are supposed to, the father simply can't feed the child, because we don't give milk.

Nearly all articles about this topic care only for how to get women back to Work instead of what's best for society and for families.

If that would be the Focus, we would talk way more about how to integrate children into the work Life and less on how to grow GDP.

ruroco DOES prevent replay attacks, by saving the deadline (which is in ns) in a blocklist. It does not matter if the deadline has "passed", the deadline is added to the blocklist as soon as the packet reaches the server and is deemed "valid". So each packet is only valid exacly ONCE

Once this UDP packet reaches the server the deadline will be added to the blocklist.

If an attacker sends the same packet again, the server will check its blocklist for the deadline. It does not matter if the deadline has been reached or not. once the packet reaches the server, the deadline of that packet will be added to the blocklist.

the deadline that is sent from the client is being added to the blocklist after the command was executed, so sending the same packet again will not work, because the deadline (which is in nanoseconds) is already on the blocklist and therefore the command will not be executed again.

This effectively means that replaying a packet is not possible, because the server will deny it.

Are you referring to fwknop? Thats not "port knocking" but Single Packet Authorization. That is very different from port knocking.

How can one incorporate secure cryptographic hashes with simple port knocking?

But if an adversary uses the SAME network, then the IP address that the server sees will be the same for the client and the adversary, so it only matters if the adversary takes the packet and sends it from a different network, which the adversary won't have to do, because they still control the network where the packet was originally sent from.

I would argue that it does improve security in the way that it reduces the attack surface of potential vulnerable services, because they are simply not accessible for adversaries.

On the other hand, having another tool running increases the attack surface, but imho that's very small.

Kind advice from my PoV:

Your comment could be read as "your project is shit, there is ostiary which has replay protection and yours doesn't".

I'm sure you didn't intend for you comment to not come across that way, and I also did not read it that way, but others could have.

Also keep in mind that ruroco is a very young project and is by no means finished. I was thinking about using one-time-pads or other encryption algorithms as well. I also posted this here to get feedback to improve my project.

So hopefully when I release version 1.0.0 all the issues that this project has atpit are resolved ;)

Ultimately reading firewall logs to do port knocking is most secure way, because - as you said - there is virtually no attack surface.

I would argue that port knocking is extremely inconvenient and does not work in every scenario. So for me it's a tradeoff between "ultimate" security and convenience.

I have, but I do not want to run a VPN solution on my private sever, for which I barely have any need. Also Wireguard, although VERY secure is still not "simple" software.

In addition there are usecases where Wireguard would not help, for example when I want to open up an http service for the current network that Im in.

that's because I run my ssh on port 80, but that's not standard, so I agree that it's confusing. Thanks for pointing it out. I will fix it :)

Ruroco can be used for more than just keeping sshd logs clean, for example I could also enable a service other than ssh, for example a private file server that I want to get access to when I'm on my phone (although I haven't implemented an android version yet, it should be doable).

I used to use port knocking, but at some point found myself in a hotel where they blocked ALL ports, except TCP 80 and 443 (did not check UDP at the time).

My ssh port is on 80, so I can use all of my tools, even if the network I'm in blocks everything else.

Thats exactly what I'm using it for - I'm the only one on my server :)