[pgustafs]

1) A node _could_ run arbitrary code, but unless it trusts the code's provenance then it should use a white-list as you mention.

> why not just settle on a fixed-but-extensible list of hashing algorithms that are known to work well today?"

Sure, that's what a whitelist will be, but with one major difference: each node gets to pick its own whitelist, there's no built-in centralization via the "one true source code."

2) Yes, miners will choose hashing algorithms that are easy for themselves and hard for others, but the nodes get to value each block from their own perspective. If they think a miner is using a weird hash function, they can penalize it or just blacklist the function.