Saturday, May 3, 2014

Good, bad & ugly - Your password

I have already been ranting about passwords several times. They might be there to protect your digital assets but are also a liability. There are a lot of articles about user passwords being easily guessable. Usually they blame the user and his/her stupidity, the inability to select and remember a password. I consider this plain wrong. Most of those errors are enforced by anachronistic and bad password policies.

Password requirements

A good password must have two properties:

1) It has been memorized by the user
2) It is difficult to guess for a third person (even if he/she knows the user well)

But in most cases another requirement is thrown into the mix:

3) The password shell be complex (have a high entropy)

Usually the requirements take the form of a password policy like this:

  • The password must be at least 8 characters long
  • The password must contain upper- and lower-case letters
  • The password must contain a number
  • The password must contain a non-alphanumeric character

You notice anything? Yep, this policy only focuses on the third requirement. And it does so at the expense of the first requirement and (knowing human psychology) it also has a negative impact on the second requirement.

A good example (on how not to do it) was implemented by the Attorney General of Texas:

They try to specify entropy in details which is kind of ironic.

Threats to passwords

Let us take look at how the security of password can be compromised:
  1. The input of the password has been observed (by eavesdropping, key-loggers or by the ordinary Mark 1 Eyeball)
  2. The password has been re-used by the user in a different context where the attacker has access to it
  3. The attacker gained access to the encrypted storage of password and managed to extract it from there
  4. The password has been guessed by the attacker
How does having a complex password help you against these attacks?
  • In case of an attacker observing the user entering the password, no complexity will help. Rather the contrary, a password with mixed upper/lower-case, numbers and special characters is entered at a significantly slower pace. This helps an attacker observing the password by good old-fashioned peeking.
  • If the password is known to the attacker from the use in a different context, the complexity is no help either. Knowing the psychological side, cryptic passwords are rather compound the problem. Once a user has found a password that fits the typical policy, he tends to use it wherever such a password policy is in place and therefor increases the chances of an attacker to use a known password of the user in a different context.
  • In case of access to the encrypted password store, the complexity clearly helps to hamper the attacker (if the password is encrypted properly).
  • One would expect that password policy should help making a password un-guessable for a third person. From my personal observation the contrary is true. Under the watchful eye of a password policy they tend to stick to first names, upper-casing the first or last letter, replacing characters by similar looking special characters or numbers and/or adding numbers at the end (like birthdays).
Summary: Only in one attack scenario choosing a complex password helps, in all other scenarios it does not have any or even a negative impact. So let us look at this scenario a bit more detailed.

Decrypting passwords

To decrypt the password of a user, the attacker has first to have access to the password storage. At which point the first and most critical security failure has already occurred. And the user had nothing to do with it.

When it comes to decrypting a password, the algorithm used is a more important than the complexity of the password. If the service provider has not done his home work, complex passwords offer only little protection. This is another critical point, where the user has no influence whatsoever.

But in case of the service provider having botched the safety of his password file but made everything correct when choosing the algorithm the complexity of the user passwords can offer extra protection against the attacker. 

Does this case justify all the negative impact?

I want to point out, that the safety of the encrypted password is not the responsibility of the user. So would say: Don't make him part of the process here. Don't shift the responsibility to to him where the service provider is responsible.

Remark: I did not specifically address the issue of an attacker trying out all passwords by automatically entering them one after another. It falls into the same category since it starts with a critical error on the service provider side by allowing this.

What shell we teach users about passwords?

I think we should focus on the first two requirements i started this blog post with:
  • Choose a password you can remember
  • Use a password someone else does not associate with you
and (which is more important than complexity):
  • Use distinct passwords, at least for the most critical uses (Work, Banking, Apple, Facebook, Google, Paypal, Amazon) and never use those somewhere else.
If the user follows those three advice only, his security would be greatly improved. It is much better to use several (cryptographically) weak passwords than one good one for everything.

What about password complexity?

I am not opposed to complex passwords, as long as it has no negative impact on the more important issues. There is nothing bad about advising the user about his password being weak or strong as information.

But if you do so, please do it right. Do not just look for which kind of characters are used. Don't care about the source of entropy as long at it is there.

"Test1234!" is not safer then  "mucho danke shopping magazzini", rather the opposite. Let the user find his way to create a memorable complex password. If you force him into a scheme you think best, you will weaken passwords.

And: Except for the most critical uses, 40 bits of entropy are enough. If it is not enough, you need to rethink the way you store your passwords. 

That is why i think XKCD has it right, no matter what Bruce Schneier says (i never thought i would agree on a security topic rather with a comic author than one of my most respected security experts).

Are there exceptions?

Yes, of course. There are always exceptions. But in those cases you should rather look into using two factor authentication than trying to get the users brain work in a way that evolution did not intend it to. 

Password Managers

It seems to have become a fashion to prohibit the use of password managers, either by written policies or enforcing it in web application. I consider this a bad idea. If a user tells me, that he has problems memorizing passwords of sufficient complexity, i tend to believe him. Password managers are a great help, but personally i want to be able to recite my critical passwords (Amazon, Google, Apple, Paypal) directly.

Wednesday, February 19, 2014

Review: Influx by Daniel Suarez

The nobel prize seems to be within the grasp of Jon Grady.  Being an academic dropout seems to be no longer a real obstacle since he just implemented his first prototype of a gravity reflection device. While the Wall Street bankers bankrolling his startup don't seem too happy about being misled about the direction of his research, their expert confirms the validity of his claims.

But when something seems to be to good to be true, it usually isn't. The visiting "expert" makes a telephone call and the bomb goes off, quite literally. A neo-luddite terror organisation storms the lab, knocks out everyone and blows it all up.

To his own surprise Jon Grady survives the experience and finds himself in the clutches of the Bureau for Technology Control (BTC). As it turns out, they are having both feet on the breaks concerning the deployment of new technology (of course purely due to concern for mankind). Scientists and Developers who threaten to disturb the status quo too profoundly are offered a choice: join, disappear and play with the good stuff or just disappear.  

So Jon has to consider the gravity of his situation. As he soon finds out, the governmental oversight of the Bureau has been slightly neglected.

After his novel "Kill Decision" was published, some complained to Daniel Suarez that he has written more a blueprint than a novel.  Like his works "Daemon" and "Freedom (TM)" it gave the technology-versed reader quite a chill. Since John Brunner passed away, no other author has managed to radiate such feeling of frightening authenticity in his books. Together with the author we can only sincerely hope  that he is further off the mark this time. 

His past as system consultant and software developer gives him his ability to describe just-around-the-corner technology. But the real hitter are his credible predictions on how and where those will be used. While the apparent technology in 2016 (where "Influx" is set in) does not differ too much from today (thanks to the untiring efforts of the BTC), he takes a lot more liberties on the "suppressed" technologies.

His previous books were not short on humor, but he has given it a lot more leash here. One can't do other than appreciate the irony of US intelligence and law enforcement agencies being spied upon by superior technology. There are several of such hidden gems inside the book. Furthermore the clones of the top BTC operative have some QA issues and regularly provide comic relief.

When reading the previous books, my professional personality was never completely switched off.  The job-me was permanently looking myself over the shoulder and doing some appraisal. With "Influx" the entertainment nearly does a solo performance. But Daniel Suarez can't completely get rid of his habits and there are still some very sobering parts. The gulag for scientists comes straight from the worst nightmares.

The pacing of the book is high right from the start and it is hard to lay aside once you begin flying through the 380 pages (hardcover). The story mostly flies straight as an arrow, the supposedly good cause of the bad guys is threadbare right away. With the roles clearly assigned early on, "Influx" makes an relaxing and enjoyable read.

Of course there is another possible alternative explanation for this book: Daniel Suarez got snatched by the Bureau for Literary Control since he was getting close to the reality prediction and was forced to write more freewheeling stuff. If the results remain that entertaining, that is fine with me.

In any case, you find his book on Amazon.

Saturday, February 8, 2014

Review: Directive 51 by John Barnes

Directive 51 is the first book of the Daybreak series with currently three novels. The title is derived from from the "Executive Directive 51", a Presidential Directive which claims power to execute procedures for continuity of the federal government in the event of a "catastrophic emergency". This may give you a "slight hint" about the direction this book is going.

The novel takes place in the near future of the United States of America. Technology has advanced especially in the area of nanotechnology, where even students become capable of creating nanites (nanobots) in their home lab.

The "Daybreak" is a terrorist organisation devoted to bring down the "Big System". It consists of several groups (from radical ecological to radical islamists) which only share their disgust for the status quo. 

It is introduced as a meme that has reached a critical mass. But the author also casts some doubts on that assumption. 

The Daybreak is surprisingly effective in creating a nanoplague (self-replicating nanites) devouring petroleum-based fuels, rubber, plastics and several metals. But it also has a new type of nuclear bomb at its disposal. 

This and some other facts create the impression that "Daybreak" is not what it seems. The riddle is not resolved in this book.

The larger part of the novel is about the executive power trying to fight back and within itself. As one may assume from the title, the original president and his vice-president are not around for long. And even with the end of the world close by, there are enough remains to squabble for. The failure of the leaderships encourages other to claim power for themselves. Only a few, the heroes of the book, are trying hard to hold it all together.

The book starts with a fast, gripping pace, a doomsday plot at its best. When it comes to the political side and dealing with the fallout, the novel remains more interesting than senate proceedings but requires some stamina on the reader side. The amount of characters is confusing (we go through four presidents alone) and even at the end, the purpose of some characters remain unclear. 

I have the followup novels on my reading list, but they are not as high prioritized as they would have been after the first third. 

You find this novel on Amazon,

Wednesday, January 22, 2014

Review: Bone Season by Smantha Shannon

I seem to be in for debut novels currently. Here is another one of a new author. At 22 years, Samantha Shannon is one of the youngest writers i have in my current portfolio (aka Kindle) and it does not require much scrying to see a lot of read-worthy books coming from her in the next years.

It is 2059 and not a good type to be magically gifted (or voyant as it is called here). The use of your talent is highly illegal and if you are caught, death will be your fate. So better keep your abilities hidden from everyone, even your only close family member. The best way to make a living is to join the syndicate and pursue a life of crime.

Paige Mahoney is not a happy but a content person when she is introduced. She feels safe within her environment. Her boss sees a lot of potential in her, more than she thinks she has. Her talent is a rare one as she can enter the minds of other people.

Her talent is put to a test when she is cornered by hunters of the Scion, the fascist, anti-voyant regime that has taken over England. While she manages to escape at first by using her power to kill, she is caught soon after. 

To her own surprise, she is not executed but shipped to the Gulag of her 21st century: Oxford (or "Sheol I" as it is now called.) The prison is not run by professors but near-human creatures called Rephaim. The rules of her life change dramatically.

Until that point the reader has not even finished half the book. Samantha not only fervently builds a world but also a huge vocabulary. Dreamwalker, floxy, rotties, mime-crime, flux, NVD are just a few examples of (i would guess) a low three digit number. 

It takes quite some learning from the reader and the complexity sometimes does not help but hinder the story development. On the other hand there are sequences where you are literally fleeing at her side over the roofs of London and really feel the breath of her pursuers in your own neck. In those action packed sequences she is at her best.

Another, easily forgiven, weakness is the language which feels to be stuck between the young adult and adult style. I expect this point to solve itself automagically during the sequels.

The overall construction of the story is solid and she even plays the reader by what seems to be plot device at first glance and turns out to be an important story element later in the book. I awarded bonus points for cheekiness here.

The book came to me highly praised through one of my wife's many magazines. While it did not fully live up to the (admittedly high) expectations, i am still impressed by an early work like this. You'll find it on Amazon.

Sunday, January 19, 2014

Review: Ancillary Justice by Ann Lackie

Devilish complex main character: Check! Non-linear storytelling: Present and accounted for! World building: Massive! New author: Yes! A combination that would challenge any experienced writer makes up the stunning debut of Ann Leckie. She is an author on which you will want to keep an eye on.

Let's start with a few highlights of the main character Breq: about 2.000 years old, once part of a hive mind and an excellent fighter inflicted with the disability to discern the gender of most dialog partners.

He started of as an Ancillary "One Esk Nineteen" of the starship "Justice of Torren". Ancillaries are former criminals who were mind-wiped and became (with boosted physical properties and reflexes) part of a hive minded ship AI. They have been a strong weapon in the expansion of the Radch Empire.

But the expansion has slowed down, ancillaries are being slowly replaced by humans, Beq has become alienated with his empire and is separated from his hive mind. How all of this is connected to each other is told in cutbacks that span a millennium.

Other authors manage to confuse their readers with a story a tenth as complex as this one. But this seems to be Ann Leckies talent: to never lose her audience throughout the story. Though some concentration is required and some quirks of Breqs perspective (per default everyone is a "she", memories are always plural) are challenging at the beginning, one is rewarded with insights into a very fascinating character, society and universe. The book really covers an alien perspective quite thoroughly.

While the aspect of the hive mind is clearly a central one (covering among other things: moral responsibility of single a part of the hive mind, split brain situations, synchronization), one will find a lot more to think about. Calling the novel a space opera does not do it justice. There are more aspects to it than i want to cover in this review. It would take too much pleasure away from the reader when (s)he discovers a lot of reminiscences to other classics of Science Fiction within.

While the novel does not end on a cliffhanger, it clearly calls for a sequel which i will eagerly wait for.

You can get this book on Amazon. I stumbled upon it in John Scalzi's blog, which has been a source of several reading inspirations for me.

Saturday, January 11, 2014

The German Science Fiction & Fantasy Book Market - A Guide For Foreign Authors

The German book market seems to be very interesting at first glance. With a volume of 13 billion US$ in 2011, the average revenue per capita is nearly twice that of the US market. Books have a very long tradition here. But for foreign authors, especially Science Fiction & Fantasy authors, there are some, ahem, let's call them "mitigating factors".

0 Disclaimer

Though i have successfully published a book, contributed to some and read several thousands of them, i don't claim to know every aspect of the market. This text is my highly subjective view on it. Though i would bet to be not far off the mark.

Even if this text has become longer than intended, i have simplified things.

If i say "Foreign Author", i am referring to those who are primarily publishing in English. The equations i put forth will look very different if you're writing in French or Japanese.

1 The German Book Market

There are about 90 to 98 million people with German as first language. Of those, more than half "like" or "like very much" to read. 66% of all woman and 52% of all men purchased books in 2012. So the overall demand for books is high.

But let us look at some details...

1.1 The German Language

Translating books into German is difficult. While it is a perfect language to create laws in or for writing a scientific paper, it is less suited to the entertaining style most SF&F is written in. The high precision reduces ambiguity and makes some kind of humor more difficult.

The pool of translators had no large overlap with the SF&F scene. Furthermore they had few card carrying members in the Geek and  Nerd squad which would have helped understanding a lot of allusions and jargon in the books. Translators were already considered to have a Fantasy background if they read "The Hobbit". This is improving due to a new generation coming up.

Overall, even a bad translation into German is expensive, a good one even more so. I have seen excellent translations in the past years (Patrick Rothfuss has been very lucky) and less excelling ones (i was not impressed with the German version of George R. R. Martin's Game of Thrones).

Be aware that a translation may heavily change style and targeting of a book or movie. If the translator thinks that the book is a topic for children, their translation will reflect that attitude. This can practically re-brand you.

For a foreign author, a German translation is very much like a raffle. Unless you, your agent or your publisher spend a lot of time on this,the result is dominated by random chance.

The costs for the translation reduce the revenue for the author (AFAIK by about 60-70% for non-celebrities) and increase the risk from the publishers point of view. So on the German language book market, you will always be in a competitive disadvantage.

Furthermore: translating a book takes time. Months at least, though years are not uncommon. Thanks to the Internet, fans know the next part of a series is already out in the U.S. or UK and begin to suffer. When the choice is between waiting years or improving your English, the results may surprise you.

1.2 Non language-related translation issues

Being translated contains more dangers for an author than just the German language. If you are considering a German translation, you should be aware of:

  • Large books are regularly broken up and published as two books in German. Often the reader is not made aware of the fact and ends up disappointed at some unintended (by the author) cliffhanger in the middle of your novel.
  • Do you mention Nazis? Or do you make allusions to them? Be prepared for some political correct translator to change things for you. Suddenly the "System Security" you gave those initials intentionally is abbreviated quite differently.
  • Sometimes translators decide not to stop with translating the language but also are germanizing personal, non-descriptive names. In Alan Dean Foster's Spellsinger, the translator (of a fantasy novel) even insisted on translating the name "Dungeon & Dragons" (which is brand in Germany as well) and "Kerker und Drachen Spieler" sounds really, really ridiculous in German.
  • The worst thing i ever experienced was that the characters in the middle of a novel suddenly started praising some canned soup. The ad was set in a different font, but when he was told, the author (Terry Pratchett) reacted truly shocked (as were his readers).

I am pretty sure that i only remembered only a small part of the things i have seen getting done to good innocent English literature. I can only recommend you to get some QA in Germany whom you trust.

1.2 The English language in Germany

English is non-optional if you want to achieve any educational level in Germany. So nearly everyone had at least a rudimentary knowledge already in the past.

The Internet has put the language on afterburner especially for geeks and nerds. So unless the author is using heavy slang, 30-50% of the potential German readers can read a novel in English nowadays if they put their mind to it.

The German language in comparison has become less important today. 

In 1980, without a German translation, a book stood no chance. And the only way to get an English book was to pay twice the list price and wait for weeks or months for it to arrive. With the easy availability (thanks to Amazon) and the increased proficiency (thanks to the Internet), the English language is now an important player on the German book market. But due to some issues (see below) the sales are not always attributed to the German market.

1.3 Selling Books in Germany

The book market was traditionally ruled by small book stores. In some areas, there were more book stores than bakeries. The shop clerks would know their customers. Their recommendations and disposition determined the fate of books. They were mostly biased toward "high literature" and against Science Fiction and Fantasy.

Their margin and market was protected by the special pricing in Germany (see next chapter). Only a few large book chains existed. Outside the book stores, nobody sold books in large amounts.

But this was about to change.

During the nineties there was a strong market concentration. Large bookstore chains started to rule the inner cities and small book stores started dying since they lost their bread-and-butter business. On the other hand, the large chains were not as close to their customers as the small bookstores which they were driving out of business.

Then came the Internet and Amazon.

With the rise of the Internet, English language proficiency increased, German readers learned of U.S. or UK release dates (which were years ahead of the German translation) and English books (even when printed) became cheaper than German books.  Especially Amazon was a cheap source for the next (English) sequel of the series you were burning to read.

The only reason the German book chains did not go the way of the Dodo and their brethren in other countries (yet) lies in some anti-competitive measures applied (e.g. see the chapter about ebooks).

Amazon is despised by German publishers. The market approach of Jeff Bezos conflicts strongly with the self image of publishers. They are loosing their filter function they had for a long time on the market. Amazon is showing them daily, that they don't know the market and readers as well as they think and state they do. This is not appreciated by them.

Amazon is a hot button issue in Germany currently. There are several social groups which are fighting them toes and nails. For them, Amazon represents the all they despise about the Internet and the Americanization of the culture. My personal guess is that Amazon will win that fight without breaking sweat.

1.4 Pricing

One important specialty of the German market is the fixing of book prices. When a book is published in Germany, the publisher has to set a price. It then becomes illegal to sell a new undamaged book to an end customer at any price other than that (in Germany).

This has two consequences:

  • There is not price competition for books published here. A retail chain cannot outbid a regular bookstore by just concentrating on bestsellers. The usual seller margin is at about 40%.
  • Any book not published here is much cheaper than their German pendant. Patricks "Name of the Wind" was at some time costing only 25% of its translation.

The idea is to protect the cultural value of books from the brutal market economics. The result was a golden age for publishers and book stores and they lobbied hard for it. It gave them a rather secure and highly profitable niche for decades but also made them vulnerable, once real competition appeared. 

Furthermore it gave their customers a high incentive to migrate to foreign markets. The price fixing does not apply to books published outside Germany. So a UK bestseller costs with shipping and handling significantly less than a German one.

1.5 ebooks

When the ebook market took off in the U.S. it caught German publishers and bookstores flatfooted (as did the Internet, as did Amazon). While they were busy to reproduce any error the music industry had already made, Amazon soon showed the world a working model.

To prevent Amazon from taking over the German ebook market, the publishers devised a simple scheme: They just refused to sell rights on German language books to Amazon at conditions it could accept. For 2-3 years, it was practically impossible to purchase a German language bestseller as an ebook.

Publishers developed their own ebook platforms which were DRM-heavy and were sold in e-stores which offered only a small fraction of the available books. Over the time their model approached Amazon at which point they were willing to deal with them again.

The publishers lobbied and sued to extend the price fixing on ebooks as well. They were and are completely unwilling to offer any kind on discount for customers that are not demanding to ship dead wood across the country. This also encouraged German readers to get their ebooks in English and elsewhere. 

Advanced SF&F readers have their Kindle account with instead of Due to some SNAFUs regularly happening, German publishers are able to prevent the release of some English ebooks on the German market until the translation is released. Therefore the German readers register themselves under a U.S. address and they will count in any statistic as U.S. buyer.

2 Science Fiction & Fantasy

On top of all of this, there are some issues specific to Science Fiction & Fantasy.

2.1 The Image

The early image of Science Fiction was created by the "Perry Rhodan" series, which is published weekly since 1961 in (by now) more than 2700 booklets. Perry Rhodan is the name of the main character and the plot now covers several thousand years with him. It was considered  pulp (at least in the beginning deservedly) and branded Science Fiction 
for decades.

When you purchased Science Fiction in the 80s in a typical bookstore (well, it had to be untypical a bit: in a real typical one, there would have been no SF&F at all) the sales clerk looked pitifully upon you. You expected them to offer you some porn to wrap your SF&F purchases in, so you won't have to be ashamed to be seen with it.

The image of Fantasy was slightly better, mostly thanks to Tolkien. But overall it was not taken seriously either. The world-building, the theoretical sociology, the prognosis on human development under different circumstances was utterly disregarded. On the shelf you found your Asimov or Brunner right next to the space western dime novel.

This has improved over the years. But Science Fiction & Fantasy is still invariably found farthest from the book store entrance. The shelf (usually a plural is not appropriate) is mostly filled with serial novels relating to movies or computer games (Warhammer 4K, WoW).

Computer games are also not considered to be cultural assets by the political and cultural establishment neither.

Perhaps the best way to illustrate the attitude towards Science Fiction and Fantasy is, that this genre does not rate hardcover releases. They are a very rare exception.

2.2 Community and Author outreach 

You will notice that German fans react to fan communities or author outreaches (live or via social media) differently. They are just not used to that. German authors usually do not interact this way with their fans.

"Serious" authors (which by definition excludes SF&F) often despise the Internet. When they grudgingly agree to interact with fans upon nudging from their publishers, they can produce strange results.

A few years ago, i noticed the acclaimed author Urs Widmer giving a reading in Hannover. A fried of mine (who was a big fan) drove 200 miles to participate and see him in person once. After the reading, some people approached the author with books and asked (very politely) for signings. At that point the author answered brusquely "This is a reading not a signing!" and left.

If you ask a classic German author about a presence on Facebook or a blog and (god forbid) spending some time on it, be prepared to get a look as if you were suggesting to sacrifice his firstborn to some ancient Egyptian god. I know this is unjust towards quite a lot younger authors, but it describes the vast bulk. SF&F authors tend to be more approachable, but are not immune to the general attitude.

So German readers discovering an author actually interacting may react in a strange way. I was really, really surprised when "pterry" answered on my questions in person via email in 1994. 

2.3 Movies

If your novel is made into a movie or a well known TV series, everything changes. By some magic transformation, it is no longer Fantasy or Science Fiction but a classic. You are serious literature now. At this point, book stores will barricade the entrance to their stores with your work. People outside the "scene" will ask for and purchase your books (but only if in German).

2.4 Competition

The most successful German Fantasy author is Wolfgang Hohlbein with 43 million sold books. You will have difficulties to find English translations from him, those are very rare. He has sold more books in Korean language than in English. I hope none of both is insulted when i say that he is like a German version of Stephen King.

Another author who is praised in my circles is Andreas Eschbach. But he also has only few books translated into English.

Beside them, i am very hard pressed to come up with more names. But since i turned away from that market in disappointment 15 years ago, i am not current development. But we have no Isaac Asimov, no John Brunner, no John Scalzi, no Patrick Rothfuss here. But we have a lot of authors who turn out one novel after another which are hard to distinguish from their previous one.

3 Summary and Recommendations

To sum it up:

  • While the German language book market seems attractive at first glance, it is highly dysfunctional. This will make it hard for a foreign SF&F author to earn money on it.
  • Being a successful SF&F author on your market, will not give you a lot of prestige with publishers here.
  • A good translation of your book is expensive. The costs will be cut from your side of the deal. A bad translation will damage your brand.
  • The English language is no longer the barrier it used to be. German Publishers have spent the last two decades converting especially SF&F readers to the English language. If there is a society out there to promote the English language, they should consider giving a lifetime award to those Publishers. The lifetime of some of them may come to an end soon.

So, if you are a Science Fiction or Fantasy author publishing in English, what do i recommend you:
  1. You don't need a German translation urgently as you will sell to German readers anyway. You will have problems to know, what your success in Germany is. Profiling your fans on Google+, Facebook or in your blog will tell you more about it than any sales figure will ever do. Any sales figure you will get for the German market will be more fantasy than your book.
  2. If you want or are asked to be present with a German version of your book, pay attention on the translation. The revenue from a license deal may not compensate the brand damage of a bad translation. You should see a German translation more as a marketing effort than revenue source. Get some QA on the translation from someone you trust.
  3. A German version of your book becomes important, when you just sell it to 20th Century Fox or HBO and Peter Dinklage will be starring. Then the book reaches outside the SF&F community. But in  that case you will not have any problems finding a publisher and a good translator. You would be rather sorry then (in terms of quality and revenue) to have sold the licensing rights cheaply early on.
I hope this has helped you a bit understanding the German market and or at least entertained you a bit.