diff --git a/examples/gcp.yml b/examples/gcp.yml
index aefeccc24..6b54438c8 100644
--- a/examples/gcp.yml
+++ b/examples/gcp.yml
@@ -32,7 +32,6 @@ onboot:
      - /dev:/dev
      - /var:/var
      - /tmp/etc/resolv.conf:/etc/resolv.conf
-    readonly: true
     net: host
     capabilities:
      - CAP_SYS_ADMIN
diff --git a/projects/demo/README.md b/projects/demo/README.md
index e62e07024..c67f0f28d 100644
--- a/projects/demo/README.md
+++ b/projects/demo/README.md
@@ -5,40 +5,13 @@ This directory contains files used in moby demos.
 Most of the scripts/files assume you are on a Mac.
 
 - Recent Docker for Mac installed (edge, nightly, master channel)
-- Currently, you need a *custom* version of VPNKit installed in Docker
-  for Mac (see below)
+  For some of the demo setup, you need at least 17.05.0-ce-rc1
 - For the GCP portion: `brew install google-cloud-sdk`
-- For `etcd`: `brew install etcd`
 - Infrakit: Clone [infrakit](https://github.com/docker/infrakit) and
   the [GCP plugin](https://github.com/docker/infrakit.gcp) for
-  infrakit.  For each, `make build-in-container` and then copy the
-  contents of `./build` somewhere in your path.
-
-For some of the demos, you currently need an updated version of VPNKit
-for Docker for Mac. Hopefully this version will ship as default soon.
-
-Quit docker for Mac
-```
-curl -fsSL --retry 10 -z vpnkit.tgz -o vpnkit.tgz https://circle-artifacts.com/gh/docker/vpnkit/708/artifacts/0/Users/distiller/vpnkit/vpnkit.tgz
-
-tar xzvf vpnkit.tgz
-cp Contents/MacOS/vpnkit /Applications/Docker.app/Contents/Resources/bin/
-```
-Restart Docker for Mac.
-
-
-# Local setup
-
-We use a `socat` container to forward ports from the VM to localhost (via Docker for Mac), to make it easier to access some VMs. To build
-```
-(cd dockerfiles; docker build -t socat -f Dockerfile.socat .)
-```
-And then run:
-```
-docker run --rm -t -d -p 8080:8080 socat tcp-listen:8080,reuseaddr,fork tcp:192.168.65.100:80
-```
-This forwards local port `8080` to `192.168.65.100:80`, so if you start, say the `intro` image, run `moby run -ip 196.168.65.100 intro`
-
+  infrakit.  The GCP plugin, needs to be v0.1. For each, `make
+  build-in-container` and then copy the contents of `./build`
+  somewhere in your path.
 
 # GCP Setup
 
@@ -63,3 +36,14 @@ gcloud compute firewall-rules create rneugeba-demo-internal --network \
 The firewall setup means that all our projects networks can talk to the demo network.
 
 
+# Expose VMs ports on localhost
+
+You can use a `socat` container to forward ports from the VM to localhost (via Docker for Mac), to make it easier to access some VMs. To build
+```
+(cd dockerfiles; docker build -t socat -f Dockerfile.socat .)
+```
+And then run:
+```
+docker run --rm -t -d -p 8080:8080 socat tcp-listen:8080,reuseaddr,fork tcp:192.168.65.100:80
+```
+This forwards local port `8080` to `192.168.65.100:80`, so if you start, say the `intro` image, run `moby run -ip 196.168.65.100 intro`
diff --git a/projects/demo/etcd/build-pkg.sh b/projects/demo/etcd/build-pkg.sh
index a1da2c2f5..88f9c56b1 100755
--- a/projects/demo/etcd/build-pkg.sh
+++ b/projects/demo/etcd/build-pkg.sh
@@ -1,4 +1,4 @@
 #! /bin/sh
-docker build -t mobylinux/etcd .
+docker build -t linuxkit/etcd .
 
 docker build -t etcd.local -f Dockerfile.local .
diff --git a/projects/demo/etcd/etcd.yml b/projects/demo/etcd/etcd.yml
index 3f8831255..e7d24da73 100644
--- a/projects/demo/etcd/etcd.yml
+++ b/projects/demo/etcd/etcd.yml
@@ -1,14 +1,14 @@
 kernel:
-  image: "mobylinux/kernel:4.9.x"
+  image: "linuxkit/kernel:4.9.x"
   cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - mobylinux/init:8375addb923b8b88b2209740309c92aa5f2a4f9d
-  - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
-  - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
-  - mobylinux/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
+  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
+  - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
+  - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
+  - linuxkit/ca-certificates:eabc5a6e59f05aa91529d80e9a595b85b046f935
 onboot:
   - name: sysctl
-    image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
+    image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
     net: host
     pid: host
     ipc: host
@@ -16,14 +16,14 @@ onboot:
      - CAP_SYS_ADMIN
     readonly: true
   - name: format
-    image: "mobylinux/format:53748000acf515549d398e6ae68545c26c0f3a2e"
+    image: "linuxkit/format:53748000acf515549d398e6ae68545c26c0f3a2e"
     binds:
      - /dev:/dev
     capabilities:
      - CAP_SYS_ADMIN
      - CAP_MKNOD
   - name: mount
-    image: "mobylinux/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a"
+    image: "linuxkit/mount:d2669e7c8ddda99fa0618a414d44261eba6e299a"
     binds:
      - /dev:/dev
      - /var:/var:rshared,rbind
@@ -32,7 +32,7 @@ onboot:
     rootfsPropagation: shared
     command: ["/mount.sh", "/var/lib/etcd"]
   - name: dhcpcd
-    image: "mobylinux/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd"
+    image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd"
     binds:
      - /var:/var
      - /tmp/etc:/etc
@@ -48,19 +48,18 @@ onboot:
      - /dev:/dev
      - /var:/var
      - /tmp/etc/resolv.conf:/etc/resolv.conf
-    readonly: true
     net: host
     capabilities:
      - CAP_SYS_ADMIN
 services:
   - name: rngd
-    image: "mobylinux/rngd:3dad6dd43270fa632ac031e99d1947f20b22eec9"
+    image: "linuxkit/rngd:f5e5be43e730ea819c3293d5c6dcbfa7f4c5c314"
     capabilities:
      - CAP_SYS_ADMIN
     oomScoreAdj: -800
     readonly: true
   - name: ntpd
-    image: "mobylinux/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af"
+    image: "linuxkit/openntpd:a570316d7fc49ca1daa29bd945499f4963d227af"
     capabilities:
       - CAP_SYS_TIME
       - CAP_SYS_NICE
@@ -69,7 +68,7 @@ services:
       - CAP_SETGID
     net: host
   - name: etcd
-    image: "mobylinux/etcd"
+    image: "linuxkit/etcd"
     capabilities:
      - CAP_CHOWN
      - CAP_SETUID
diff --git a/projects/demo/intro/intro.yml b/projects/demo/intro/intro.yml
index 955d805fe..3c3e1023e 100644
--- a/projects/demo/intro/intro.yml
+++ b/projects/demo/intro/intro.yml
@@ -1,13 +1,13 @@
 kernel:
-  image: "mobylinux/kernel:4.9.x"
+  image: "linuxkit/kernel:4.9.x"
   cmdline: "console=ttyS0 console=tty0 page_poison=1"
 init:
-  - mobylinux/init:925c88f42d92d57cd36b656db1f8757b152163a7
-  - mobylinux/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
-  - mobylinux/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
+  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
+  - linuxkit/runc:b0fb122e10dbb7e4e45115177a61a3f8d68c19a9
+  - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
 onboot:
   - name: sysctl
-    image: "mobylinux/sysctl:2cf2f9d5b4d314ba1bfc22b2fe931924af666d8c"
+    image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
     net: host
     pid: host
     ipc: host
@@ -16,7 +16,7 @@ onboot:
     readonly: true
 services:
   - name: dhcpcd
-    image: "mobylinux/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd"
+    image: "linuxkit/dhcpcd:0d4012269cb142972fed8542fbdc3ff5a7b695cd"
     binds:
      - /var:/var
      - /tmp/etc:/etc
diff --git a/src/cmd/infrakit-instance-hyperkit/instance.go b/src/cmd/infrakit-instance-hyperkit/instance.go
index 46a4bb3b8..b4b2cc5d6 100644
--- a/src/cmd/infrakit-instance-hyperkit/instance.go
+++ b/src/cmd/infrakit-instance-hyperkit/instance.go
@@ -76,7 +76,7 @@ func (p hyperkitPlugin) Provision(spec instance.Spec) (*instance.ID, error) {
 	log.Infof("[%s] New instance", id)
 
 	logicalID := string(id)
-	uuidStr := ""
+	vpnkitKeyStr := ""
 
 	diskImage := ""
 	if spec.LogicalID != nil {
@@ -85,12 +85,12 @@ func (p hyperkitPlugin) Provision(spec instance.Spec) (*instance.ID, error) {
 		// it into a magic UUID which cause VPNKit to assign a
 		// fixed IP address
 		if ip := net.ParseIP(logicalID); len(ip) > 0 {
-			uuid := make([]byte, 16)
-			uuid[12] = ip.To4()[0]
-			uuid[13] = ip.To4()[1]
-			uuid[14] = ip.To4()[2]
-			uuid[15] = ip.To4()[3]
-			uuidStr = fmt.Sprintf("%x-%x-%x-%x-%x", uuid[0:4], uuid[4:6], uuid[6:8], uuid[8:10], uuid[10:])
+			vpnkitkey := make([]byte, 16)
+			vpnkitkey[12] = ip.To4()[0]
+			vpnkitkey[13] = ip.To4()[1]
+			vpnkitkey[14] = ip.To4()[2]
+			vpnkitkey[15] = ip.To4()[3]
+			vpnkitKeyStr = fmt.Sprintf("%x-%x-%x-%x-%x", vpnkitkey[0:4], vpnkitkey[4:6], vpnkitkey[6:8], vpnkitkey[8:10], vpnkitkey[10:])
 		}
 		// If a LogicalID is supplied and the Disk size is
 		// non-zero, we place the disk in a special directory
@@ -115,7 +115,7 @@ func (p hyperkitPlugin) Provision(spec instance.Spec) (*instance.ID, error) {
 	}
 
 	log.Infof("[%s] LogicalID: %s", id, logicalID)
-	log.Debugf("[%s] UUID: %s", id, uuidStr)
+	log.Debugf("[%s] VPNKitKey: %s", id, vpnkitKeyStr)
 
 	// Start a HyperKit instance
 	h, err := hyperkit.New(p.HyperKit, p.VPNKitSock, instanceDir)
@@ -124,7 +124,7 @@ func (p hyperkitPlugin) Provision(spec instance.Spec) (*instance.ID, error) {
 	}
 	h.Kernel = properties["kernel+initrd"].(string) + "-bzImage"
 	h.Initrd = properties["kernel+initrd"].(string) + "-initrd.img"
-	h.UUID = uuidStr
+	h.VPNKitKey = vpnkitKeyStr
 	h.DiskImage = diskImage
 	h.ISOImage = isoImage
 	h.CPUs = int(properties["CPUs"].(float64))