diff --git a/content/computers/20240324-containers-what-why-and-how/images/comic_1.png b/content/computers/20240324-containers-what-why-and-how/images/comic_1.png new file mode 100644 index 0000000..4942d6f Binary files /dev/null and b/content/computers/20240324-containers-what-why-and-how/images/comic_1.png differ diff --git a/content/computers/20240324-containers-what-why-and-how/images/comic_2.png b/content/computers/20240324-containers-what-why-and-how/images/comic_2.png new file mode 100644 index 0000000..8e0b813 Binary files /dev/null and b/content/computers/20240324-containers-what-why-and-how/images/comic_2.png differ diff --git a/content/computers/20240324-containers-what-why-and-how/images/comic_3.png b/content/computers/20240324-containers-what-why-and-how/images/comic_3.png new file mode 100644 index 0000000..2965436 Binary files /dev/null and b/content/computers/20240324-containers-what-why-and-how/images/comic_3.png differ diff --git a/content/computers/20240324-containers-what-why-and-how/images/comic_end.png b/content/computers/20240324-containers-what-why-and-how/images/comic_end.png new file mode 100644 index 0000000..4a5f242 Binary files /dev/null and b/content/computers/20240324-containers-what-why-and-how/images/comic_end.png differ diff --git a/content/computers/20240324-containers-what-why-and-how/index.md b/content/computers/20240324-containers-what-why-and-how/index.md new file mode 100644 index 0000000..d51a213 --- /dev/null +++ b/content/computers/20240324-containers-what-why-and-how/index.md 
@@ -0,0 +1,70 @@ +--- +title: The What, Why and How of Containers +date: 2024-03-24 +slug: what-why-how-containers +--- + +Alternate title: *An history of OS-Level Virtualisation on UNIX and then Linux*. + +This post is part of an entry for [the Handmade Network's Learning Jam 2024](https://handmade.network/jam/learning-2024) + +## The problem + +{{< art-img "images/comic_1.png" >}} + +## It all starts with `chroot` *(UNIX, 1982)* + +``` +$ apropos chroot +chroot (1) - run command or interactive shell with special root directory +chroot (2) - change root directory +``` + +Chroot is a kernel mechanism available since early versions of UNIX that allows to run a process as with an alternate root directory. The process shares the kernel and hardware, but only has access to a subtree of the file system. + +{{< art-img "images/comic_2.png" >}} + +## Jails on Free BSD *(FreeBSD, 2000)* + +FreeBSD jails basically take chroot and build upon it by adding mechanism to isolate and control the use of other system resources beside the filesystem. + +The end result is a kernel mechanism that is a complete container implementation: +- Fully (More or less, depending onthe exact configuration of the jail) isolated userspace +- Running on the same kernel as the host + +{{< art-img "images/comic_3.png" >}} + +## Quick tangent: Control Groups (cgroups) *(Linux, 2007, major update in 2016)* + +Control groups are a mechanism in Linux that allows to control which how much of the system resources a process (and it's child processes) can use. It wasn't originally meant for virtualisation, but rather as a system to avoid processes fighting over hardware, and to implement quotas. It however turned out to be very useful when it came to implement containers. 
+ +## Namespaces *(Linux, starting 2002)* + +Namespaces allow to isolate processes within the namespace from the rest with regard to a specific global resource such as mount points, process ids, user ids, interprocess communication, networking or time. + +But more crucially they also allow to isolate across cgroups, giving the illusion of being alone on the system. + +## How to make a linux container + +With those mechanisms (chroot, cgroups and namespaces) in place creating a container is conceptually relatively simple: + +- First you populate the subtree that your container will have access too, ready to be chroot-ed in +- Then you create namespaces for all you need to isolate (this usually includes at least PID, UID, mountpoints and cgroups) +- Finally you run your containerized process within your namespaces, chroot'ed to it's subtree + +## Conclusion + +{{}} + +In practice you don't need to make them from scratch, people already have made systems for managing containers with nicer user interfaces those include Docker, LXC and systemd-nspawn just to name a few, and there is probably one just right for your use-case. + +## Sources + +- Linux manual pages: + - [chroot(1)](https://man7.org/linux/man-pages/man1/chroot.1.html) + - [chroot(2)](https://man7.org/linux/man-pages/man2/chroot.2.html) + - [cgroups(7)](https://man7.org/linux/man-pages/man7/cgroups.7.html) + - [namespaces(7)](https://man7.org/linux/man-pages/man7/namespaces.7.html) +- [Free BSD Handbook: Chapter 17. Jails and Containers](https://docs.freebsd.org/en/books/handbook/jails/) +- [Linux kernel documentation: Control group v2](https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html) +- Comic bits inspired by the awesome [XKCD](https://xkcd.com) diff --git a/layouts/shortcodes/art-img.html b/layouts/shortcodes/art-img.html new file mode 100644 index 0000000..dcab57f --- /dev/null +++ b/layouts/shortcodes/art-img.html @@ -0,0 +1,3 @@ +{{ with .Get 0 }} + +{{ end }} 
diff --git a/layouts/shortcodes/quote.html b/layouts/shortcodes/quote.html new file mode 100644 index 0000000..e570ac3 --- /dev/null +++ b/layouts/shortcodes/quote.html @@ -0,0 +1,4 @@ +
+ {{.Inner}} +

-- {{.Get 0}}

+
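Review bot: the Conclusion section of index.md contains a bare `{{}}`, which is not a valid Hugo shortcode call and renders nothing useful, while `images/comic_end.png` is added in this commit but never referenced, so this is most likely meant to be `{{< art-img "images/comic_end.png" >}}` (or a `{{< quote ... >}}` call, since that shortcode is also added here and is otherwise unused). The post should also carry the caveat the cited chroot(2) man page itself gives: chroot only changes pathname resolution and is not intended as a security mechanism, and a privileged process is not confined by it, so the isolation described under "How to make a linux container" comes from the mount, PID and user namespaces together with dropping privileges, not from the chroot step; the "Fully ... isolated userspace" bullet for jails deserves the same qualification its own parenthetical hints at. Wording fixes: "An history" should be "A history"; "allows to run a process as with an alternate root directory" reads better as "allows a process to run with an alternate root directory"; "adding mechanism to ... beside the filesystem" should be "adding mechanisms to ... besides the filesystem"; "depending onthe" is missing a space; "control which how much of the system resources a process (and it's child processes)" should drop "which" and use "its"; "Free BSD" in the section title and the source entry should be "FreeBSD" as in the parenthetical; "access too" should be "access to"; "chroot'ed to it's subtree" should use "its".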
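Review bot: in the art-img.html hunk the body between `{{ with .Get 0 }}` and `{{ end }}` is empty, so as committed the shortcode renders nothing for the three `{{< art-img "images/comic_N.png" >}}` calls in index.md; it needs an `<img>` whose `src` is derived from the parameter and an `alt` attribute, since the comics carry the whole content of "The problem" section, which otherwise has no text. Consider resolving the parameter through the page's resources (`.Page.Resources.Get`) so a misspelled path fails at build time instead of producing a broken image.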
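Review bot: the quote.html hunk renders `-- {{.Get 0}}` unconditionally, so a call without an attribution argument emits a dangling `--`; wrap that line in `{{ with .Get 0 }} ... {{ end }}`. `{{.Inner}}` is emitted raw, so the quote body is only processed as Markdown when the shortcode is invoked as `{{% quote %}}` rather than `{{< quote >}}`; either pipe it through `markdownify` or document the intended form. No `quote` call appears in index.md in this commit, so either add the usage that justifies the new file (the empty `{{}}` in the Conclusion may be it) or drop the shortcode from this change.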