I wrote a long article for Ars Technica nearly a year ago that looked at the past, present, and future. The reality hasn't changed much since then.
Most so-called municipal Wi-Fi projects involved a handful of companies absorbing all the initial network cost in exchange for some to no city business and access to citizens for coverage. EarthLink, MetroFi, Kite, and AT&T were the most prominent. EarthLink got out of the business; AT&T still does some metro-scale networking (Riverside), and MetroFi and Kite shut down.
There are a ton of networks run entirely or nearly so for public safety and/or municipal purposes that have been very successfully in Oklahoma City and elsewhere.
The final standard simply confirms what's been shipping in the market in largely unchanged form for over two years. The Wi-Fi Alliance has been certifying devices against a stable draft since 2007. There's no such thing as "pre-standard" devices in this category. Either they have a Wi-Fi seal for Draft N or they don't.
I've looked through the comments, and I cannot tell whether anyone has read the paper linked or is commenting on the summary. The summary, derived from news coverage, is incorrect.
The exploit works only to recover a single MIC encryption key which is distinct for each packet. It allows a packet intended for a client to be falsified, but the packet has to be short and mostly known, like an ARP packet. The researchers require that they act as a physical man in the middle, as a relay between an access point and a client, where the client cannot receive signals from the access point.
It's very clever, but it doesn't involve breaking TKIP per se; it has nothing to do with key recovery for network encryption.
TidBITS system guy here. Sorry for the troubles. We had a glitch in our Apache min/max/spare/etc settings that was triggered for the first time by Slashdot traffic. (A combination of a new method to zoom images and AJAX produced a very high set of spawned children for each new visitor.)
Save yourself! Reboot in 5 seconds!