The 3-process design has 2 advantages over the 2-process design:
  (1) vfork can be used for more reliable timing
  (2) signals can be used instead of polling to monitor program status

control flow:
  user types "matlab arg0 arg1" (matlab is a link to the license client)
  lclient gets key, forks
    parent is now expendable; it exists only so the shell knows the
      status of the main program (??? what if program ignores or traps
      some signals). It can be killed with no side effects other than
      loss of job control (note that "kill %1" in csh will kill program,
      while "kill 1111" will kill only this expendable shell).
    child decrypts program into /tmp and forks
      grandchild execs program
      child removes temporary file, ignores signals, and monitors program

encryption:
  DES: the 64-bit user-supplied key is used to encrypt each 64-bit block
    of the executable. No chaining is used.
  MD5: the 128-bit user-supplied key is checksummed and the sum XOR-ed
    with blocks of the executable. Every 32K, the sum is passed through
    MD5 again. This isn't especially secure, but could be made much more
    secure by (1) XOR-ing with the original key, (2) recalculating the
    sum more often.
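
The MD5 scheme described above and its two suggested fixes, as an added Python example (not code from the license client). The sample key, the function names, and the reading of fix (1) as sum = MD5(sum XOR key) are assumptions.

```python
import hashlib

SEGMENT = 32 * 1024  # the page re-hashes the sum every 32K
BLOCK = 16           # one 128-bit MD5 sum covers one 16-byte block


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))  # zip truncates a short last block


def crypt(data: bytes, key: bytes, mix_key: bool = False,
          segment: int = SEGMENT) -> bytes:
    """XOR data with the running MD5 sum; the same call encrypts and decrypts.

    Defaults follow the page: sum = MD5(key), then sum = MD5(sum) every 32K.
    mix_key=True is an assumed reading of fix (1): sum = MD5(sum XOR key).
    A smaller segment is fix (2): the sum is recalculated more often.
    """
    s = hashlib.md5(key).digest()
    out = bytearray()
    for seg in range(0, len(data), segment):
        for off in range(seg, min(seg + segment, len(data)), BLOCK):
            out += xor(data[off:off + BLOCK], s)
        s = hashlib.md5(xor(s, key) if mix_key else s).digest()
    return bytes(out)


def keystream(key: bytes, length: int, **kw) -> bytes:
    # Encrypting zeros returns the pad itself (constructed test data only).
    return crypt(bytes(length), key, **kw)


def repeats_within_32k(ks: bytes) -> bool:
    # True when every 16-byte block of the first 32K uses the same pad.
    return all(ks[o:o + BLOCK] == ks[:BLOCK] for o in range(0, SEGMENT, BLOCK))


def next_sum_is_md5_of_current(ks: bytes, segment: int = SEGMENT) -> bool:
    # True when the second segment's pad follows from the first pad alone.
    return hashlib.md5(ks[:BLOCK]).digest() == ks[segment:segment + BLOCK]


if __name__ == "__main__":
    key = bytes(range(16))  # constructed 128-bit key
    for label, kw in [("as described", {}), ("fix 1", {"mix_key": True}),
                      ("fix 2", {"segment": BLOCK})]:
        ks = keystream(key, 2 * SEGMENT, **kw)
        seg = kw.get("segment", SEGMENT)
        print(label, repeats_within_32k(ks), next_sum_is_md5_of_current(ks, seg))
```

Run as a script, it prints the two properties for each variant: fix (2) alone stops the pad repeating but each sum is still the MD5 of the one before it, and fix (1) alone breaks that chain but leaves the 32K repeat, so the two fixes complement each other.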