Board: Altcoin Discussion
Topic: Re: Guard against 51% attack?
by TierNolan on 12/01/2014, 13:04:28 UTC
Quote
Ah, I see, so no mining will happen after the 50000th block right? The only way to get any coin afterwards would be to obtain from those who already have it?

It could be.  In theory, "interest" payments could be made to stake holders who find POS blocks.  It would depend on the specifics.

The main point is that you need stake ownership to be distributed or you are back where you started.  If one person has 51% of the stake, you could be back where you started.

Quote
While hardcoding in the Bitcoin client remains the status quo, I would have no problem telling a fake chain from the real one without such hardcoding, as I could always check if the difficulty of the newest blocks meets the right target, assuming no one is attacking me with a hundred million-dollar farm of course, it is on the other hand much easier to just change the content of a software as the cost for hijacking a communication channel is much lower,

The reason for checkpoints in the client is that you could spam someone with lots of low difficulty blocks to use up their bandwidth.  Each block can be 1MB.  As long as 2016 blocks take at least 2 weeks, the difficulty per block will remain at the lowest possible.  Bitcoin was launched 3rd January 2009.  That is roughly 5 years.  At 1008 blocks per week, that is 262080 blocks.  In practice, there are more blocks and that is the reason difficulty rose.

This means that you could send someone 262080 fake blocks of padded transactions without the difficulty rising.  It would be reasonably cheap to create them.  That is 262GB of data that you can flood a node with and it is a perfectly valid chain.

With "headers-first", that is less of a concern.  When syncing, the client asks for headers first.  This allows the client to find the best chain first and then start downloading the data.  Headers are only 80 bytes, so 262080 fake blocks would only result in a download of around 20MB.

If a client connected to 7 hostile nodes and 1 honest node, the total download spent on headers would be 160MB instead of the normal 20MB.  Once the client had all the headers, it would know which node was the honest one.

Quote
also the developer may have difficulty proving himself to be the...developer without an external authority, similar things happened in the countless cases of internet scams.

The developer would just hardcode his public key into the software.  The client could just check that the message is signed by him.

In practice, it would be better if there were multiple people with the keys.  Those people should be trusted and distributed over the planet (for protection against court orders).

The checkpoint would have to be signed by M of N of them.  For example, there could be 9 public keys hard coded into the client at launch and the checkpoint has to be signed by at least 6 of them.
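
The headers-first comparison described earlier in this post, as an added example that is not part of the original post or code from any Bitcoin client: each peer's header chain is scored by total proof-of-work derived from the compact `nBits` field, so a long chain of minimum-difficulty headers loses to a much shorter chain mined at higher difficulty. The peer names and the composition of the honest chain are constructed sample data.

```python
# Added illustration, not code from the post or from any Bitcoin client.
HEADER_BYTES = 80            # size of one block header, as stated in the post
MIN_DIFF_BITS = 0x1d00ffff   # compact target at the lowest difficulty


def bits_to_target(bits: int) -> int:
    """Expand the compact 'nBits' header field into the full 256-bit target."""
    exponent, mantissa = bits >> 24, bits & 0x007FFFFF
    if bits & 0x00800000 or mantissa == 0:
        raise ValueError("negative or zero target")
    if exponent <= 3:
        return mantissa >> (8 * (3 - exponent))
    return mantissa << (8 * (exponent - 3))


def header_work(bits: int) -> int:
    """Expected hashes needed to meet this target: 2^256 / (target + 1)."""
    return (1 << 256) // (bits_to_target(bits) + 1)


def chain_work(bits_per_header) -> int:
    """Total work of a header chain; this, not its length, ranks the chain."""
    return sum(header_work(b) for b in bits_per_header)


def pick_best_peer(chains: dict) -> str:
    """Return the peer whose header chain carries the most total work."""
    return max(chains, key=lambda peer: chain_work(chains[peer]))


def header_download_bytes(chains: dict) -> int:
    """Bandwidth spent fetching every peer's headers before any block data."""
    return sum(len(c) for c in chains.values()) * HEADER_BYTES


# Constructed sample: 7 hostile peers each serve 262080 minimum-difficulty
# headers; one honest peer serves a far shorter chain at higher difficulty.
FAKE = [MIN_DIFF_BITS] * 262080
HONEST = [MIN_DIFF_BITS] * 100 + [0x1b0404cb] * 1000  # hypothetical chain
PEERS = {f"hostile{i}": FAKE for i in range(7)}
PEERS["honest"] = HONEST

if __name__ == "__main__":
    print("best chain from:", pick_best_peer(PEERS))
    print("header bytes downloaded:", header_download_bytes(PEERS))
```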